Blog • 24th March 2023

Cyber Guidance for Small Businesses

How can the security community better bridge the gaps between Big Guidance and small business?

EdTech • 23rd March 2023

How to Detect and Respond to Bot Attacks in Higher Education

Bots continue to become more capable and harder to detect, so it’s more important than ever that you know how to prepare for them, spot them and stop them.

NIST • 13th March 2023

SP 800-219 Rev. 1, Automated Secure Configuration Guidance from the mSCP

This publication introduces the mSCP, describes use cases for leveraging the mSCP content, and introduces a new feature of the mSCP that allows organizations to customize security rules more easily.

TechTarget • 6th March 2023

How to create an incident response playbook

Here's a crash course in what incident response playbooks are, why they are important, how to use them and how to build them.

Blog • 5th March 2023

20 Years of Supporting NIST

This month is my 20-year anniversary of supporting NIST.

TechTarget • 24th February 2023

Centralized vs. decentralized identity management explained

Learn about centralized vs. decentralized identity management, as well as the advantages and disadvantages of each from the viewpoints of organizations and individuals.

FedTech • 9th February 2023

How IoT Can Impact Agency Security

Security measures may differ from one IoT device to another and even for a single type of device if it’s used for multiple purposes. That said, here are the high-level principles that every agency should follow.

TechTarget • 25th January 2023

How cyber deception technology strengthens enterprise security

Cyber deception technology has recently gained the spotlight as a key defensive weapon in the enterprise cybersecurity arsenal.

Blog • 15th January 2023

Belief

I thought that sharing my story might be helpful or interesting to some people who feel like I used to.

Blog • 8th January 2023

Mapping Methods

I'm crowdsourcing my quest for mapping methods.

EdTech • 4th January 2023

What Higher Ed Institutions Should Know About SSE

Here are some facts and common misconceptions about SSE solutions.

Blog • 31st December 2022

New Adventures in 2023

I've been inspired to think hard about what I'd like to do in 2023.

EdTech • 20th December 2022

How to Stay Ahead of 4 Emerging Cybersecurity Threats in Higher Ed

Here are four emerging cybersecurity threats and suggestions for defending against them. Higher education institutions can expect to encounter some or all of these threats soon.

TechTarget • 13th December 2022

12 types of wireless network attacks and how to prevent them

Let's take a look at the most common forms of wireless network attacks and specific types within each category, and then talk about how to prevent them.

Blog • 12th December 2022

Transcription Zen

One of my hobbies is collecting mangled auto-transcriptions. I call it Transcription Zen.

NIST • 9th December 2022

SP 1800-34, Validating the Integrity of Computing Devices

Organizations are increasingly at risk of cyber supply chain compromise, whether intentional or unintentional. Cyber supply chain risks include counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware. Managing these risks requires ensuring the integrity of the cyber supply chain and its products and services. This project demonstrates how organizations can verify that the internal components of the computing devices they acquire, whether laptops or servers, are genuine and have not been tampered with. This solution relies on device vendors storing information within each device, and organizations using a combination of commercial off-the-shelf and open-source tools that work together to validate the stored information. This NIST Cybersecurity Practice Guide describes the work performed to build and test the full solution.

NIST • 8th December 2022

NISTIR 8278A Rev. 1 (Draft), National OLIR Program: Submission Guidance for OLIR Developers

Draft NIST IR 8278Ar1, National Online Informative References (OLIR) Program: Submission Guidance for OLIR Developers, instructs OLIR Developers – the subject matter experts who create OLIRs – on how to complete an OLIR Template when submitting an OLIR to NIST for inclusion in the OLIR Catalog.

NIST • 8th December 2022

NISTIR 8278 Rev. 1 (Draft), National OLIR Program: Overview, Benefits, and Use

Draft NIST IR 8278r1, National Online Informative References (OLIR) Program: Overview, Benefits, and Use, describes the OLIR Program, including what OLIRs are, what benefits they provide, and how anyone can access and use OLIRs.

Blog • 5th December 2022

Me and my portfolio

A quick intro to who I am and what I've done

Blog • 27th November 2022

Launching the Scarfone Cybersecurity blog!

I've been writing nonstop since the year 2000, but I've never blogged...until now!